正真正銘のC1000-018問題集で無料PDF問題で合格させる
結果を保証するには最新2022年02月無料で提供するC1000-018
IBM C1000-018 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
質問 38
Which considering the ability to tune False Positives with the Confidence factor Setting, which statement applies?
- A. To ensure that the results are comparable, it is important to apply a common Confidence Factor across all network segments.
- B. Secure areas should have a lower confidence value, while less secure areas should have a higher confidence value.
- C. When setting a confidence factor, using a higher value will result in a higher number of Offenses.
- D. Secure areas should have a higher confidence value, while less secure areas should have a lower confidence value a higher,,
正解: D
質問 39
What does the Assets tab provide?
A unified view of the information that is kwon about:
- A. triggered Offenses.
- B. network devices.
- C. events and flows.
- D. log sources.
正解: C
解説:
Explanation
https://www.ibm.com/docs/en/qradar-on-cloud?topic=administration-asset-management
質問 40
What steps are needed to add an Annotation to an event or flow that triggered a Rule?
- A. When creating a Rule, a custom Annotation can be automatically applied to events and flows that originate from specified Sources.
- B. Events and Flows cannot be Annotated, the only information allowed in an event or flow is data that was included in the original payload.
- C. When creating a Rule, a custom Annotation can be specified to automatically be applied to the event or flow that triggered the Rule.
- D. Annotations can be manually added to an Offense. These Annotations are then automatically applied to all events or flows which triggered the rule creating that Offense.
正解: C
質問 41
An analyst for a particular offense needs to investigate to understand the breakdown of the offense details.
How can the analyst do this?
- A. View the attack path of the offense.
- B. Look at all the event QIDs attached to the offense.
- C. Look at the list of categories, event low level categories and the events attached.
- D. Look at the magnitude information and its breakdown.
正解: D
解説:
質問 42
After working with an Offense, an analyst set the Offense as hidden. What does the analyst need to do to view the Offense at a later time?
- A. In the al Offenses view, select Actions, then select show hidden Offenses.
- B. Search for all Offenses owned by the analyst
- C. In the all Offenses view, at the top of the view, select ''Show hidden'' from the ''Select an option'' drop- down.
- D. Click Clear Filter next to the "Exclude Hidden Offenses".
正解: D
解説:
Explanation
To clear the filter on the offense list, click Clear Filter next to the Exclude Hidden Offenses search parameter.
質問 43
There are 5 authentication servers that report to different Event Processors. There is a requirement to generate an Offense if there are 5 consecutive failed logins detected across any of the 5 Event Processors.
Which type of rule should the analyst create?
- A. Local Rule
- B. Persistent Rule
- C. Offense Rule
- D. Global Rule
正解: D
解説:
Explanation
Global rules These rules use the Any domain modifier and run across all tenants.
質問 44
An analyst noticed that from a particular subnet (203.0.113.0/24), all IP addresses are simultaneously trying to reach out to the company's publicly hosted FTP server.
The analyst also noticed that this activity has resulted in a Type B Superflow on the Network Activity tab-Under which category, should the analyst report this issue to the security administrator?
- A. Syn Flood
- B. Network Scan
- C. DDoS
- D. Port Scan
正解: C
質問 45
What is displayed in the status bar of the Log Activity tab when streaming events?
- A. Average number of results that are received per minute.
- B. Accumulated number of results that are received per minute.
- C. Accumulated number of results that are received per second.
- D. Average number of results that are received per second.
正解: D
解説:
Explanation
Status bar
When streaming events, the status bar displays the average number of results that are received per second.
質問 46
The administrator had set up several scheduled reports that can be executed by analysts every Monday, and the first day of each month. On Thursday, an executive requests one of the weekly reports.
If the analyst executes the report on Thursday, what information will the report contain?
- A. Data from Monday to Thursday from the current week.
- B. Data from Monday to Wednesday from the current week.
- C. Data from Monday to Sunday from the previous week.
- D. Data from Thursday from the previous week to Wednesday from the current week
正解: D
質問 47
The graph below shows a time series of a value. A rule has been created which will trigger at the indicated point.
Which type of QRadar rule has been used?
- A. Common Rule
- B. Anomaly Rule
- C. Behavioral Rule
- D. Threshold Rule
正解: D
質問 48
Where can an analyst working with Offenses add a regular expression test into an existing rule?
- A. Top
- B. Left
- C. Bottom
- D. Right
正解: A
質問 49
QRadar collects information from numerous log sources and other agents. Sometimes these agents stop reporting to QRadar for a variety of reasons. There is a default rule in QRadar to help identify these cases called the Device Stopped Sending Events (DSSE) Rule.
What does the DSSE Rule do?
- A. It checks for log sources which are reporting that they have not had any communication in a certain amount of time.
- B. It runs when there is an absence of Events.
- C. It listens for log sources that send out regular health events and triggers the Rule when encountered
- D. It checks for Rules which have fired due to an absence of Events.
正解: D
質問 50
When an Offense is triggered, it only shows the events that triggered the Offense. The analyst wants to investigate further to see more events around the incident, not only those that triggered the Offense. The analyst clicks on the event count and sees the events belonging to the Offense.
How can the analyst processed to see a more detailed picture of what occurred?
- A. Right-click on the destination IP, and choose More Options, then Raw Events.
- B. Right-click on the source IP, and choose More Options, then Information, and then Search Events
- C. Right-click and filter on the Destination IP.
- D. Right-click on the source IP, and choose View in DSM Editor.
正解: C
質問 51
The SOC team complained that they have can only see one Offense in the Offenses tab.
space of 10 minutes, but the analyst How can the analyst ensure only one email is sent in this circumstance?
- A. Ensure that the Rule Action Limiter is configured the same way as the Rule Response Limiter.
- B. Disable Automated Offense Notification - by email, in Advanced System Settings.
- C. Add a Response Limiter to the Rule, configured to execute only once every 30 minutes.
- D. Configure the postfix mail server on the Console to suppress duplicate items
正解: D
質問 52
An analyst is working on Offense management and finds that a few of the offenses are not being removed from the Offense tab even after the Offense retention period has elapsed.
What could be the reason that these offenses are not being removed?
- A. Offense has been annotated
- B. Offense is protected
- C. Offense is inactive
- D. Offense is released
正解: C
質問 53
What information is included in flow details but is not in event details?
- A. Magnitude information
- B. Network summary information
- C. Number of bytes and packets transferred
- D. Log source information
正解: B
解説:
Explanation
Flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which effectively are records of network sessions between two hosts.
質問 54
The administrator had set up several scheduled reports that can be executed by analysts every Monday, and the first day of each month. On Thursday, an executive requests one of the weekly reports.
If the analyst executes the report on Thursday, what information will the report contain?
- A. Data from Monday to Wednesday from the current week.
- B. Data from Monday to Sunday from the previous week.
- C. Data from Monday to Thursday from the current week.
- D. Data from Thursday from the previous week to Wednesday from the current week
正解: C
質問 55
An analyst wants to create a report using the report wizard.
What are key elements used by the wizard to create the report?
- A. Report templates, user groups, permissions.
- B. Layout, container, content
- C. Report templates, layout, content.
- D. Report templates, layout, saved searches
正解: C
質問 56
Where can an analyst investigate a security incident to determine the root cause of an issue, and then work to resolve it?
- A. Risk tab
- B. Offense tab
- C. Network Activity tab
- D. Vulnerabilities tab
正解: D
質問 57
What is the reason for this system notification?
"Time synchronization to primary or Console has failed"
- A. Deny ntpdate communication on port 223.
- B. Deny ntpdate communication on port 123
- C. Deny ntpdate communication on port 423.
- D. Deny ntpdate communication on port 323.
正解: B
解説:
Explanation
38750129 - Time synchronization to primary or Console has failed.
The managed host cannot synchronize with the console or the secondary HA appliance cannotsynchronize with the primary appliance.
Administrators must allow ntpdatecommunication on port 123.
質問 58
What is the difference between a Quick Search and an Advanced Search?
- A. An Advanced Search displays results by Category, while a Quick Search displays results by column.
- B. An Advanced Search uses a saved search, while a Quick Search uses a query language.
- C. A Quick Search displays results by column, while an Advanced Search displays results by Category.
- D. A Quick Search uses a saved search, while an Advanced Search requires a query language.
正解: D
解説:
Explanation
Quick Search
Use the search box to quickly find documents by any keyword or criteria. Here you can also view and re-use your most recent and saved searches.
Advanced Searching
The advanced search allows you to build structured queries using the Jira Query Language.
質問 59
An analyst noticed that from a particular subnet (203.0.113.0/24), all IP addresses are simultaneously trying to reach out to the company's publicly hosted FTP server.
The analyst also noticed that this activity has resulted in a Type B Superflow on the Network Activity tab-Under which category, should the analyst report this issue to the security administrator?
- A. DDoS
- B. Network Scan
- C. Syn Flood
- D. Port Scan
正解: C
解説:
Explanation
https://www.ibm.com/docs/en/SS42VS_7.3.3/com.ibm.qradar.doc/b_qradar_admin_guide.pdf
質問 60
How can a log source be defined?
- A. Data source such as Netflow. J-Flow or sFlow data.
- B. Data source such as a firewall or intrusion protection system (IPS) that creates an event log.
- C. Data source such as a user interacting with a QRadar Console to do daily work.
- D. Data source that can be found on the Network Activity tab.
正解: B
質問 61
......
C1000-018ブレーン問題集PDF、IBM C1000-018試験問題詰合せ:https://jp.fast2test.com/C1000-018-premium-file.html